Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(dependabot): change to monthly interval #25

Merged
merged 1 commit into from
Sep 9, 2024

Conversation

ErikSchierboom
Copy link
Member

@ErikSchierboom ErikSchierboom commented Sep 4, 2024

This PR changes the interval for dependabot updates to monthly.

Right now, the interval is usually set to daily, which results in (almost) daily notifications for Exercism maintainers, and frequent Docker updates to all tooling repos.

To reduce the maintenance burden, we are lowering the frequency to monthly. Due to Exercism's setup, it is unlikely that dependabot issues in our repositories need to be handled with any urgency, so we consider this to be a wise tradeoff.

For maintained track repos, maintainers can choose to close this PR unmerged. But for tooling repos and unmaintained tracks, we are requiring it to be merged.

Thanks!

@ErikSchierboom ErikSchierboom added the x:size/tiny Tiny amount of work label Sep 4, 2024
@cclauss
Copy link
Contributor

cclauss commented Sep 7, 2024

Given that there have only been two pull requests generated, I doubt this change matters unless a security vulnerability is discovered in an Action.

https://github.com/exercism/free-pascal/pulls?q=is%3Apr+author%3Aapp%2Fdependabot+is%3Aclosed

@IsaacG
Copy link
Member

IsaacG commented Sep 7, 2024

Given that there have only been two pull requests generated, I doubt this change matters unless a security vulnerability is discovered in an Action.

https://github.com/exercism/free-pascal/pulls?q=is%3Apr+author%3Aapp%2Fdependabot+is%3Aclosed

The same change is being applied uniformly across all Exercism repos. It might not matter for this one repo. It matters more when you multiply that by a few hundred 😄

@ErikSchierboom ErikSchierboom merged commit 4745370 into main Sep 9, 2024
4 checks passed
@ErikSchierboom ErikSchierboom deleted the dependabot-interval branch September 9, 2024 06:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
x:size/tiny Tiny amount of work
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants